在这个影响软件供应链根基的问题被自动化工具攻克之前，预计将有更多由 Log4j 引发的问题出现。 Log4j 漏洞风波暂平，但下一场暴雷可能已经在 ...

在这起事件发生之前，就连 Apache Log4j 2 自身团队可能都没意识到，这么一个基于 Java 的日志框架影响范围竟有那么广。据前 Log4j 开发者、现 Apache ...

Log4j is everywhere One of the major concerns about Log4Shell is Log4j’s position in the software ecosystem. Logging is a fundamental feature of most software, which makes Log4j very widespread.

Keep reading. Ditch Log4j 2.15: DNS exfiltration & RCE possible Log4j 2.15.0 might contain even more severe vulnerabilities than the ones discovered so far, which is why 2.16.0 is by far a safer bet.

Suspicion of a DoS bug affecting log4j 2.16.0 arose on Apache's JIRA project about three days ago, shortly after 2.15.0 was found to be vulnerable to a minor DoS vulnerability (CVE-2021-45046).

As cybersecurity teams grapple with having to potentially patch their systems for a third time against Apache Log4j vulnerabilities, additional malware strains exploiting the flaws and an attack ...

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain.

China’s largest cloud service provider said it would improve compliance after it was disciplined by the government for failing to first report the Log4j vulnerability to Chinese authorities.

After exploiting Log4j on public-facing systems, the group uses what Check Point describes it as 'a PowerShell-based modular backdoor' for persistence, communication with a command and control (C ...

If you're not certain whether your Java project is free from Log4j vulnerabilities, you should try this easy-to-use scanning tool immediately.